The ISO 27799 standard adds information and special requirements to the information security management of healthcare organizations that manage medical records, and employs appropriate means to protect the sensitive medical information of the company’s customers.

HIPAA (the Health Insurance Portability and Accountability Act) is an American law that has been adopted in Europe, including Israel, for information security management at healthcare companies. It applies to healthcare organizations and their suppliers and subcontractors. The standard protects medical information through processes and controls such as risk management.

The ISO 27005 standard establishes guidelines for the management of organizational information security risks. This standard complies with the general concepts detailed in ISO 27001 and is designed to assist in the proper implementation of information security based on a risk management approach.

Why should your organization upgrade its working processes to comply with ISO 27001, ISO 27799 and HIPAA and obtain formal certification?

Working in accordance with ISO 27001, ISO 27799 and HIPAA…

Increases the sense of security among the company’s clients and enhances the company’s reputation

Upgrades the management and security of the organization’s databases and information systems

If the organization is ISO 9001 certified, it is possible to adapt the organization’s quality procedures to the requirements of the standards, thereby creating procedures of an integrated quality system.

Define information security requirements and guidelines within the organization’s internal procedures (procedures at the work process level);

Define information security objectives and metrics;

Define activities for continuous improvement and establish information security as part of the organizational culture.

How is the consultancy process for ISO 27001 or ISO 27799 certification, including HIPAA, carried out?

The process begins with meetings with key people at your organization to learn your work processes. A consultant from our company characterizes the work processes and develops the procedures, work instructions and forms and, in cooperation with the organization’s personnel, identifies the information security risks. The procedures that are developed are approved by a representative of the organization’s management. Once the procedures have been approved, we help you implement them. The integration process may include, according to your needs, training, internal audits, preparation for and participation in a quality management review, and more. We guarantee that at the end of the consultancy process, you will successfully pass an objective audit by one of the organizations authorized to examine compliance with the standard in Israel.